At a glance
1CDP is a secure platform that helps organize, share, access and use data to protect the health of communities. Data are governed by applicable laws, including federal cybersecurity requirements and standards. 1CDP will also incorporate formal agreements that set parameters around access to and use of data.
Platform Security and Data Privacy
1CDP's cloud-based environment provides modern tools for real-time, secure data use while supporting responsible data practices among its users. 1CDP promotes transparency by balancing access and use of datasets and workspaces with protections afforded under applicable laws and consistent with terms in data sharing agreements or mechanisms by which CDC obtains the data populating the platform.
Within 1CDP, platform access and data access are not the same thing.
- Access to 1CDP does not mean access to all data.
- Established agreements with jurisdictions inform access to, and provisioning of, each jurisdictions' data.
- CDC data stewards apply the terms of those agreements in a process that is open to auditing for consistency and accountability.
- CDC controls and configures the platform.
- Vendors that support 1CDP for specific development or maintenance activities may access data for purposes consistent with their contracts and are subject to requirements set out in their contracts related to privacy and security of data they may access.
How CDC Manages and Protects Data Usage
CDC protects public health data in 1CDP in many ways.
- Federal Cybersecurity Standards: 1CDP is hosted in a secure environment that meets Federal Risk and Authorization Management Program ( and Federal Information Security Modernization Act ( requirements. The platform is regularly reviewed by CDC's Cybersecurity Program Office to ensure alignment with these requirements.
- Transparency and Auditing: CDC has separated platform access from dataset access to help ensure maximum accountability for data. As currently configured, 1CDP users are authenticated in CDC's and must agree to standard Rules of Behavior upon login. Once users have been given access to the platform, data stewards designate which datasets users can access and track and audit that use.
- Privacy by Design: As a matter of best practice, CDC collects only the minimum data necessary to meet public health goals. Most data are de-identified. For any personally identifiable information in 1CDP, CDC must comply with federal privacy laws and administered by CDC's Privacy Program Office. Privacy-related requirements are built into the platform where the datasets are housed to support compliance.
- Operational Governance: The day-to-day operation of 1CDP is guided by CDC's Enterprise Technology and Data Governance and implemented by platform steward representatives from CDC's Office of Public Health Data, Surveillance, and Technology, Office of Readiness and Response and Office of the Chief Information Officer. This oversight ensures platform activities align with CDC's mission and federal law.
- Policy as Code: For the first time at CDC and as an enterprise-wide best practice, provisions for datasets from data sharing or funding agreements, legal and statutory requirements, and other applicable policies are being incorporated into the platform's data spaces and pathways. Jurisdictions can sign CDC's Core Data Use Agreement (DUA) to provide any data-specific terms that can inform access and use of the data and which can be updated over time.